Re: idea for scanning options

[Daniel Miller <bonsaiviking () gmail com>]

On Fri, Jan 9, 2015 at 11:05 PM, Mike . <dmciscobgp () hotmail com> wrote:

> hey guys
>
> so follow along here because maybe this wont make sense, not sure. would
> someone ever think about making a change in our scanning (tcp/udp) to
> ALWAYS have the source port match destination? i read that some protocols
> will only talk this way. 2 i know are IPSEC and RIP (500/520). i do believe
> there are others but i do not recall them right now. so as you would be
> scanning, by default, it would just use the same source as dest on auto. is
> this feasible and do we even care? maybe we could do certain ports this
> way? or do you want the user to constantly specify the src port option?

Mike,

This could be feasible, but would require a good deal of work to implement.
I thought at first that it would not be possible, since we use the source
port to encode information about how many retries had been sent since the
one that provoked the response. This helps with timing, since it lets us
know when there is a very high-latency link where replies to earlier probes
arrive after we have already sent retransmissions. This is already a
consequence of using the -g option to set the source port, though.

The real question then becomes: Is it worth the effort to implement such a
mode, given that the same can be accomplished by performing separate scans
for each of these few services, using the -g option as appropriate?

Dan

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/